CVE-2023-52426

SOURCE - nist

Summary

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

EPSS Score⁠: 0.00051 (0.195)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-776⁠

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

SOURCE - redhat

CWE-776⁠

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Sources (6)

Impacted images

debian

CREATED

3 months ago

UPDATED

1 month ago

SOURCE IDCVE-2023-52426⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/expat	deb	debian	12	>=2.5.0-1	Not yet available
debian/expat	deb	debian	10	>=2.2.6-2+deb10u4	Not yet available
debian/expat	deb	debian	unstable	<2.6.0-1	2.6.0-1
debian/expat	deb	debian	13	<2.6.0-1	2.6.0-1
debian/expat	deb	debian	11	>=2.2.10-2+deb11u5	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

4 months ago

UPDATED

2 months ago

SOURCE IDCVE-2023-52426⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-776⁠

CVSS SCORE

5.5medium

alpine

CREATED

3 months ago

UPDATED

2 months ago

SOURCE IDCVE-2023-52426⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

3 months ago

UPDATED

21 days ago

SOURCE IDCVE-2023-52426⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

amazon

CREATED

3 months ago

UPDATED

3 months ago

SOURCE IDALAS2023-2024-524⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

redhat

CREATED

4 months ago

UPDATED

3 months ago

SOURCE IDCVE-2023-52426⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-776⁠

CVSS SCORE

5.3medium